As I repeatedly aver, there are no new security bugs, but merely an increasing number of variations on the same theme; this morning a Slashdot posting reminded me of last year’s DEFCON experiment that successfully pumped an “unamplified” WiFi connection for some 55.1 miles; I quote the term “unamplified” here because (as an SWL) I tend to think of using a high-gain antenna as amplification, although I am not going to bust anyone’s chops when it’s pretty clear they meant that no signal boosting via power amplification was involved.
Anyone who has read books like Deep Black – a book which Whit Diffie recommended to me a few years ago, and with the help of another colleague I got a copy from Amazon USA – anyone who has read such books will be aware of ferret satellites, ones which are launched to “sniff” wireless communications, originally defence-system radar signatures and the like, and latterly other sorts of wireless communication… Hmm…
“Pinky, are you pondering what I’m pondering?”
Now: 55 miles is a bit less than 300,000 feet – not even Low Earth Orbit – but it is certainly a promising distance.
So: if a 10-foot antenna can lock on to a ground signal from 55 miles, what could a 50-foot one achieve from 200? You can’t just multiply it out, it doesn’t work like that, and moreover there are issues/benefits of atmospheric thinning with increasing altitude, and (frankly) better-quality equipment, cooled receivers, etc.
Transmitting back to a base-station would not be feasible, but it wouldn’t be important anyway – you are just there to listen, right? If you want to transmit you can probably do it up-close and personal.
This probably qualifies me for the tin-foil-hat brigade, but it does make you wonder if some bright spark in the NSA isn’t thinking along the same lines.
If you like this sort of thing and move in certain, rather paranoid circles in the UK, there are people who will tell you that the French have arrays of antennas pointing at the southeast coast of England for the purposes of intercepting GSM phone calls lest anyone visiting Kent be of interest to them.
An aside regarding transmission: a few years ago at a USENIX in Monterey, Marcus Ranum put a name to a concept we’d been discussing: “statutory murder”. In this scenario you find someone you don’t like, give them cause to fly to certain Asian countries on the pretext of a business trip, and hide an ounce of some Class-A substance about their person. That will probably be the end of them.
Similarly with open Wireless Access Points.
Part of the inadvisability of letting people onto your home network (802.11, Bluetooth, whatever) is the risk that they will upload something unpleasant onto your hard disk and then set the police on you. In the UK there is no effective protection from the media, little from the mob, and the audit trail you would need for your defence will probably not exist if you are daft enough to have an open access point in the first place.
It’d be deeply illegal to frame someone like this; however, if spun properly, the victim would have no credibility. Call it cyber-pillorying, perhaps?
Kafka, where are you when we need you?